Expansion of packet-based networks, such as the Internet, is extending into mobile environments. Accordingly, user terminals equipped with wireless communication capability can now establish communication sessions with public or protected network resources, in part over wireless communication channels. Public network resources are generally accessible by any user of a public network such as the Internet. Protected network resources have restricted access, wherein only authorized user terminals can reach them. This is generally the case for enterprise networks, generally referred to as intranets, which may be interconnected to the public Internet but usually through firewalls and network address translators (NATs), so that only authorized access to the protected network resources is permitted and private network addressing can be used.
There are numerous wireline and wireless communication networks using different communication technologies and protocols. In an effort to increase functionality, user terminals may be equipped to communicate with different types of networks using different access technologies. With such capabilities, a user terminal may remain mobile and establish sequential connections over different access networks as the user terminal moves from one access network to another.
Although basic communication sessions can be established in a dynamic fashion as the user terminal moves, applications relying on communications with the network resources need to be restarted once the user terminal is served by a new access network. The restart is necessary because the network resources, or elements acting as a proxy for them, will assign different IP addresses for communication via different access networks. Thus, an application running on the user terminal will have a first IP address for communicating with network resources via a first access network and a second IP address for communicating with the same network resources via a second access network. When the application restarts, the necessary handshaking with the network resources takes place so that the network resources, or their proxies, provide the appropriate IP address to which the application should send packets. Given the inconvenience of having to restart applications whenever the user terminal moves from one access network to another, there is a need for a simple technique by which applications can communicate with the protected network resources, directly or indirectly, using a common IP address and without restarting the application, or otherwise by obtaining a unique IP address for communication via the new access network.
The IETF MobileIP standard, RFC3244, specifies how basic mobility across access networks can be achieved while preserving a common IP address for the user terminal's applications when accessing public network resources. Various enhancements to RFC3244 have been standardized to facilitate mobility when a user terminal communicates with protected network resources. RFC 3024 specifies symmetrical tunnels for communication but does not address NAT and firewall traversal. RFC 3519 adds a UDP (user datagram protocol, RFC 768) layer to allow NAT traversal, but this adds extra protocol headers and does not address firewall traversal. RFC 2356 describes how MobileIP can traverse one specific type of firewall, but is not compatible with IPSec (IP security, RFC 2406, RFC 2402), the preferred mechanism for securing access to private networks via a public network. Thus, there is a further need for a mechanism that accommodates firewalls, NAT, encryption and private IP addressing, minimizes the equipment required, and fits into the existing practices used to access private networks via a public network.